semantics

2026-03-27 21:27:31 +03:00
parent 7c85552132
commit 2ed66bfebc
182 changed files with 21186 additions and 10254 deletions
--- a/specs/025-clean-release-compliance/contracts/modules.md
+++ b/specs/025-clean-release-compliance/contracts/modules.md
@@ -17,7 +17,7 @@
 # @TEST_EDGE: publish_without_approval -> reject transition
 # @TEST_EDGE: mutate_existing_manifest -> reject update
 # @TEST_INVARIANT: lifecycle_integrity -> VERIFIED_BY: [approve_without_passed_report, publish_without_approval, mutate_existing_manifest]
-# [/DEF:CleanReleaseDomainModule]
+# [/DEF:CleanReleaseDomainModule:Module]

 ---

@@ -43,7 +43,7 @@
 # @TEST_EDGE: illegal_transition -> returns transition error
 # @TEST_EDGE: missing_policy_snapshot -> returns trusted-source error
 # @TEST_INVARIANT: thin_client_boundary -> VERIFIED_BY: [missing_candidate, illegal_transition, missing_policy_snapshot]
-# [/DEF:CleanReleaseFacadeModule]
+# [/DEF:CleanReleaseFacadeModule:Module]

 ---

@@ -66,7 +66,7 @@
 # @TEST_EDGE: malformed_artifact_payload -> reject import
 # @TEST_EDGE: empty_artifact_set -> reject mark_prepared
 # @TEST_INVARIANT: candidate_input_integrity -> VERIFIED_BY: [duplicate_candidate_id, malformed_artifact_payload, empty_artifact_set]
-# [/DEF:CandidatePreparationServiceModule]
+# [/DEF:CandidatePreparationServiceModule:Module]

 ---

@@ -89,7 +89,7 @@
 # @TEST_EDGE: build_with_changed_artifacts -> create new version
 # @TEST_EDGE: overwrite_existing_manifest -> reject mutation
 # @TEST_INVARIANT: manifest_snapshot_integrity -> VERIFIED_BY: [build_without_candidate, build_with_changed_artifacts, overwrite_existing_manifest]
-# [/DEF:ManifestServiceModule]
+# [/DEF:ManifestServiceModule:Module]

 ---

@@ -111,7 +111,7 @@
 # @TEST_EDGE: registry_missing -> reject request
 # @TEST_EDGE: ui_override_attempt -> ignore override and fail validation
 # @TEST_INVARIANT: trusted_input_boundary -> VERIFIED_BY: [missing_profile, registry_missing, ui_override_attempt]
-# [/DEF:PolicyResolutionServiceModule]
+# [/DEF:PolicyResolutionServiceModule:Module]

 ---

@@ -138,7 +138,7 @@
 # @TEST_EDGE: task_crash_mid_run -> final_status ERROR with preserved partial evidence
 # @TEST_EDGE: blocked_violation_without_report -> reject finalization
 # @TEST_INVARIANT: run_report_consistency -> VERIFIED_BY: [run_without_manifest, task_crash_mid_run, blocked_violation_without_report]
-# [/DEF:ComplianceExecutionServiceModule]
+# [/DEF:ComplianceExecutionServiceModule:Module]

 ---

@@ -153,7 +153,7 @@
 # @INVARIANT: Mandatory stages execute in stable order unless run stops on terminal error policy.
 # @PRE: Compliance context contains candidate, manifest, policy snapshot and registry snapshot.
 # @POST: Each stage returns decision, violations and details without mutating trusted snapshots.
-# [/DEF:StagePipelineModule]
+# [/DEF:StagePipelineModule:Module]

 ---

@@ -177,7 +177,7 @@
 # @TEST_EDGE: duplicate_approve_terminal_state -> reject or preserve existing state deterministically
 # @TEST_EDGE: reject_then_publish -> publish remains blocked until a later valid approve
 # @TEST_INVARIANT: approval_gate_integrity -> VERIFIED_BY: [approve_blocked_report, approve_foreign_report, duplicate_approve_terminal_state, reject_then_publish]
-# [/DEF:ApprovalServiceModule]
+# [/DEF:ApprovalServiceModule:Module]

 ---

@@ -200,7 +200,7 @@
 # @TEST_EDGE: revoke_unknown_publication -> reject request
 # @TEST_EDGE: republish_after_revoke -> deterministic policy required
 # @TEST_INVARIANT: publication_gate_integrity -> VERIFIED_BY: [publish_without_approval, revoke_unknown_publication, republish_after_revoke]
-# [/DEF:PublicationServiceModule]
+# [/DEF:PublicationServiceModule:Module]

 ---

@@ -219,7 +219,7 @@
 # @INVARIANT: Audit records are append-only in real mode.
 # @PRE: Event context contains actor and operation identifiers.
 # @POST: One structured audit event is persisted per critical lifecycle mutation.
-# [/DEF:AuditServiceModule]
+# [/DEF:AuditServiceModule:Module]

 ---

@@ -231,7 +231,7 @@
 # @PURPOSE: Persist and query release candidates and candidate overview projections.
 # @LAYER: Infra
 # @INVARIANT: Candidate writes honor lifecycle guards defined in the domain module.
-# [/DEF:CandidateRepositoryModule]
+# [/DEF:CandidateRepositoryModule:Module]

 # [DEF:ArtifactRepositoryModule:Module]
 # @TIER: STANDARD
@@ -239,7 +239,7 @@
 # @PURPOSE: Persist and query candidate artifacts with checksum metadata.
 # @LAYER: Infra
 # @INVARIANT: Artifact checksum/path records remain stable after import.
-# [/DEF:ArtifactRepositoryModule]
+# [/DEF:ArtifactRepositoryModule:Module]

 # [DEF:ManifestRepositoryModule:Module]
 # @TIER: STANDARD
@@ -247,7 +247,7 @@
 # @PURPOSE: Persist immutable manifests and provide latest-version lookup.
 # @LAYER: Infra
 # @INVARIANT: Existing manifest versions are read-only.
-# [/DEF:ManifestRepositoryModule]
+# [/DEF:ManifestRepositoryModule:Module]

 # [DEF:PolicySnapshotRepositoryModule:Module]
 # @TIER: STANDARD
@@ -255,7 +255,7 @@
 # @PURPOSE: Persist immutable policy and registry snapshots used by runs.
 # @LAYER: Infra
 # @INVARIANT: Snapshot content cannot be mutated after persistence.
-# [/DEF:PolicySnapshotRepositoryModule]
+# [/DEF:PolicySnapshotRepositoryModule:Module]

 # [DEF:ComplianceRepositoryModule:Module]
 # @TIER: STANDARD
@@ -263,7 +263,7 @@
 # @PURPOSE: Persist compliance runs, stage records and violations.
 # @LAYER: Infra
 # @INVARIANT: Historical run evidence is append-only in real mode.
-# [/DEF:ComplianceRepositoryModule]
+# [/DEF:ComplianceRepositoryModule:Module]

 # [DEF:ReportRepositoryModule:Module]
 # @TIER: STANDARD
@@ -271,7 +271,7 @@
 # @PURPOSE: Persist immutable compliance reports and support report lookup by run and candidate.
 # @LAYER: Infra
 # @INVARIANT: Completed reports remain immutable.
-# [/DEF:ReportRepositoryModule]
+# [/DEF:ReportRepositoryModule:Module]

 # [DEF:ApprovalRepositoryModule:Module]
 # @TIER: STANDARD
@@ -279,7 +279,7 @@
 # @PURPOSE: Persist immutable approval decisions and query latest decision state.
 # @LAYER: Infra
 # @INVARIANT: Approval decisions are historical facts, not mutable flags.
-# [/DEF:ApprovalRepositoryModule]
+# [/DEF:ApprovalRepositoryModule:Module]

 # [DEF:PublicationRepositoryModule:Module]
 # @TIER: STANDARD
@@ -287,7 +287,7 @@
 # @PURPOSE: Persist publication and revocation records.
 # @LAYER: Infra
 # @INVARIANT: Publication history is append-only.
-# [/DEF:PublicationRepositoryModule]
+# [/DEF:PublicationRepositoryModule:Module]

 # [DEF:TrustedPolicyStoreModule:Module]
 # @TIER: STANDARD
@@ -295,7 +295,7 @@
 # @PURPOSE: Abstract the trusted read-only source of policies and source registries.
 # @LAYER: Infra
 # @INVARIANT: Store reads are side-effect free for clean release operations.
-# [/DEF:TrustedPolicyStoreModule]
+# [/DEF:TrustedPolicyStoreModule:Module]

 ---

@@ -319,7 +319,7 @@
 # @TEST_EDGE: invalid_input_http -> 422 validation error
 # @TEST_EDGE: reject_without_passed_report_http -> 409 conflict
 # @TEST_INVARIANT: api_contract_stability -> VERIFIED_BY: [invalid_transition_http, missing_candidate_http, invalid_input_http, reject_without_passed_report_http]
-# [/DEF:CleanReleaseApiContract]
+# [/DEF:CleanReleaseApiContract:Module]

 ---

@@ -340,7 +340,7 @@
 # @TEST_EDGE: cli_blocked_run -> exit code 1
 # @TEST_EDGE: cli_system_error -> exit code 3
 # @TEST_INVARIANT: cli_headless_integrity -> VERIFIED_BY: [cli_missing_manifest, cli_blocked_run, cli_system_error]
-# [/DEF:CleanReleaseCliContract]
+# [/DEF:CleanReleaseCliContract:Module]

 ---

@@ -370,7 +370,7 @@
 * @TEST_EDGE: blocked_report_on_F8 -> approve action disabled
 * @TEST_INVARIANT: tui_thin_client_boundary -> VERIFIED_BY: [no_tty_environment, missing_manifest_on_F5, blocked_report_on_F8]
 */
-<!-- [/DEF:CleanReleaseTuiApp] -->
+<!-- [/DEF:CleanReleaseTuiApp:Component] -->

 ---